Everyday quantum computing is years off – so why are some firms already doing quantum encryption?

KPN is already exploring the use of quantum encrypted connections between its datacenters. Image: KPN

Phone companies around the world are working to protect their customers’ data from a threat does not yet exist: large quantum computers.

Although the arrival of these advanced machines could be as far off as 15 years, telecoms companies are already implementing new quantum encryption algorithms.

These firms are preparing for the possibility that quantum computers will one day scale sufficiently to break through even the most sophisticated of today’s encryption barriers.

The most common quantum encryption method utilizes a technology called quantum key distribution, which can be implemented on existing fiber-optic connections.

Two users constantly send random strings of numbers to each other as pulses of photons. Each pulse of photons is saved in the specific quantum states of on, off, or on-off, which represent one number string, or key. Any third party or eavesdropper that tries to intercept a key inherently changes the key’s quantum state, which alerts the users to the security breach. Conventional data encryption methods cannot necessarily detect an eavesdropper on a communications link.

One firm making an early play in this emerging area of security is Dutch telecoms company KPN, which has just implemented a quantum-encrypted connection between its datacenters in Rotterdam and The Hague.

Other telecoms providers have launched similar pilots. South Korea’s SK Telecom announced in March that it is running five quantum-encryption tests across the country. And the UK’s BT has been studying a quantum-encrypted connection that it installed in 2014 with Toshiba between two of its sites in Suffolk.

Large tech companies and governments are also accelerating investment in quantum computing. In April, the European Commission announced it will release €1bn ($1.12bn) to support quantum computing research across the European Union.

Google, Lockheed Martin, and NASA have all purchased $15m quantum computers from D-Wave Systems, a Canadian startup that has raised CAD $174m ($134m) in funding. And last month, IBM announced a new cloud-based quantum computer that anyone can sign up to use.

Telecoms providers are not the only ones worried about data security in a post-quantum world. The US National Institute of Standards and Technology issued a report (PDF) in April that called on institutions to implement ‘quantum-resistant’ encryption algorithms to protect their data as research around quantum computing accelerates.

“Simply put, we do not know where companies and governments are with their current capabilities. Rather than speculate on what that risk is, it’s better to be prepared,” KPN chief information security officer Jaya Baloo says.

Hard-to-factor prime numbers encrypt today’s most sensitive data, such as credit-card information and government files, because hackers would need years to break them down into their lowest factors using today’s computers. Scientists have shown that it can take current computers two years to factor a 232-digit prime number, and prime numbers used to encrypt data are often longer.

The quantum computers that are available today are far less capable of factoring prime numbers than conventional computers. In 2014, a research team demonstrated that a quantum computer could factor a five-digit number but then admitted that a classical computer could easily do the same.

However, accelerating investment in quantum computers will make quantum computers powerful enough to factor any existing security algorithm’s prime number. This breakthrough could come within 15 years, according to industry experts.

KPN is now monitoring how quickly data is moving across its new, quantum-encrypted connection, as well as how encryption keys are being swapped every second.

The company declined to reveal how many customers have links to or store data in the datacenters connected by the new, quantum-encrypted connection but said KPN customers will not be charged any extra in service fees as a direct result of the new quantum project.

Baloo says once KPN can demonstrate that the new quantum-secured connection is robust, it will scale more of these connections across the Netherlands. KPN will also work on implementing longer encryption keys and post-quantum encryption methods that are more advanced that quantum key distribution.

The surprising situation is that some organizations may now be capturing other people’s encrypted data, even if they do not have the capability to decrypt it yet. However, once quantum computers become powerful enough, these organizations will be able to unpackage these secrets.

“You can use the old, secret information to predict future plans,” Baloo says. “The thinking is: capture now, decrypt later.” Hedging their bets on the riskiest scenarios, the communications industry and KPN are erring on the side of caution.